cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
Cherry
Obsidian | Level 7 Cherry
Obsidian | Level 7
Go to Solution

security issues with SAS Internal ID's?

Posted 11-12-2019 09:37 PM (1480 views)

Hi,

currently we have created some sas internal user id's for a set of associates for special purpose to view few reports on SAS VA, we should not allow them to use external id's ( they are not in our AD group).

I would like to know is there any security issues raises when they use internal sas id's? if yes please elaborate them? also advise how to mitigate the risk?

Appreciate your help.

 

Thanks,

Cherry.

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions
andreas_lds
Jade | Level 19 andreas_lds
Jade | Level 19

Re: security issues with SAS Internal ID's?

Posted 11-13-2019 02:01 AM (1451 views)  |   In reply to SASKiwi
@SASKiwi wrote:

[...]

 

Perhaps the biggest risk with SAS internal IDs is their passwords are static and there is no mechanism to have them expire automatically so they get changed on a regular basis. So to mitigate this risk you could have a policy of updating them on a regular basis. It is advisable to have these IDs stored in your company's password safe, so they aren't lost.

Automatic password expiration seems to be possible (using 9.4m5):

internal_acc_pw_exp.png

 

View solution in original post

0 Likes
4 REPLIES 4
SASKiwi
PROC Star SASKiwi
PROC Star

Re: security issues with SAS Internal ID's?

Posted 11-13-2019 12:57 AM (1464 views)  |   In reply to Cherry

SAS internal IDs must have their passwords stored with them in a SAS metadata repository. These passwords are stored in an encrypted form. OS userids do not normally have passwords stored in SAS metadata, so from that perspective they are more secure.

 

Perhaps the biggest risk with SAS internal IDs is their passwords are static and there is no mechanism to have them expire automatically so they get changed on a regular basis. So to mitigate this risk you could have a policy of updating them on a regular basis. It is advisable to have these IDs stored in your company's password safe, so they aren't lost.

0 Likes
Cherry
Obsidian | Level 7 Cherry
Obsidian | Level 7

Re: security issues with SAS Internal ID's?

Posted 11-13-2019 01:31 AM (1458 views)  |   In reply to SASKiwi

can we get the audit logs of sas internal id's activities? I mean can we track what they ( sas internal id's) are doing on sas?

 

 

Thanks,

Cherry. 

0 Likes
andreas_lds
Jade | Level 19 andreas_lds
Jade | Level 19

Re: security issues with SAS Internal ID's?

Posted 11-13-2019 02:01 AM (1452 views)  |   In reply to SASKiwi
@SASKiwi wrote:

[...]

 

Perhaps the biggest risk with SAS internal IDs is their passwords are static and there is no mechanism to have them expire automatically so they get changed on a regular basis. So to mitigate this risk you could have a policy of updating them on a regular basis. It is advisable to have these IDs stored in your company's password safe, so they aren't lost.

Automatic password expiration seems to be possible (using 9.4m5):

internal_acc_pw_exp.png

 

0 Likes
SASKiwi
PROC Star SASKiwi
PROC Star

Re: security issues with SAS Internal ID's?

Posted 11-13-2019 02:05 PM (1409 views)  |   In reply to andreas_lds

@andreas_lds  - Thanks for pointing that out. We use 9.4M2 and expiring internal accounts is possible in M2 as well.

0 Likes

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 4 replies
  • ‎11-12-2019 09:37 PM
  • 1481 views
  • 0 likes
  • 3 in conversation